[processor/redactionprocessor] Add URL sanitization feature to redactionprocessor (#41774)

<!--Ex. Fixing a bug - Describe the bug and how this fixes the issue.
Ex. Adding a feature - Explain what this achieves.-->
#### Description
Add URL sanitization feature to redactionprocessor

<!-- Issue number (e.g. #1234) or full URL to issue, if applicable. -->
#### Link to tracking issue
Fixes #41535

<!--Describe what testing was performed and which tests were added.-->
#### Testing
- Added new tests
- Tested with this config:
```yaml
receivers:
  otlp:
    protocols:
      grpc:
      http:

exporters:
  debug:
    verbosity: detailed

processors:
  redaction:
    allow_all_keys: true
    url_sanitization:
      enabled: true
      attributes:
        - "url"

service:
  pipelines:
    logs:
      receivers: [otlp]
      processors: [redaction]
      exporters: [debug]
    traces:
      receivers: [otlp]
      processors: [redaction]
      exporters: [debug]
    metrics:
      receivers: [otlp]
      processors: [redaction]
      exporters: [debug]
```

Signed-off-by: Israel Blancas <[email protected]>

Author: iblancasa

.chloggen/41535.yaml

@@ -0,0 +1,27 @@
+# Use this changelog template to create an entry for release notes.
+
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: enhancement
+
+# The name of the component, or a single word describing the area of concern, (e.g. filelogreceiver)
+component: redactionprocessor
+
+# A brief description of the change.  Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: "Add support for URL sanitization in the redaction processor."
+
+# Mandatory: One or more tracking issues related to the change. You can use the PR number here if no issue exists.
+issues: [41535]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:
+
+# If your change doesn't affect end users or the exported elements of any package,
+# you should instead start your pull request title with [chore] or use the "Skip Changelog" label.
+# Optional: The change log or logs in which this entry should be included.
+# e.g. '[user]' or '[user, api]'
+# Include 'user' if the change is relevant to end users.
+# Include 'api' if there is a change to a library API.
+# Default: '[user]'
+change_logs: []

processor/redactionprocessor/README.md

@@ -102,6 +102,12 @@ processors:
     # - `info` includes just the redacted key counts in the summary
     # - `silent` omits the summary attributes
     summary: debug
+    # url_sanitizer configures URL sanitization to remove variable elements from the url, causing high cardinality issues
+    url_sanitizer:
+      # enabled controls whether URL sanitization is active
+      enabled: true
+      # attributes is a list of attribute keys that contain URLs to be sanitized
+      attributes: ["http.url", "url"]
 ```
 
 Refer to [config.yaml](./testdata/config.yaml) for how to fit the configuration
@@ -130,6 +136,10 @@ instead of masking them with a fixed string. By default, no hash function is use
 and masking with a fixed string is performed. The supported hash functions
 are `md5`, `sha1` and `sha3` (SHA-256).
 
+The `url_sanitizer` configuration enables sanitization of URLs in specified attributes by removing potentially sensitive information like UUIDs, timestamps, and other non-essential path segments. This is particularly useful for reducing cardinality in telemetry data while preserving the essential parts of URLs for troubleshooting.
+
+Additionally, URL sanitization automatically applies to span names for client and server span types that contain "/" characters. This helps reduce cardinality issues caused by high-variability URL paths in span names while preserving the essential routing information needed for observability.
+
 For example, if `notes` is on the list of allowed keys, then the `notes`
 attribute is retained. However, if there is a value such as a credit card
 number in the `notes` field that matched a regular expression on the list of

processor/redactionprocessor/config.go

@@ -10,6 +10,7 @@ import (
 	"strings"
 
 	"github.com/open-telemetry/opentelemetry-collector-contrib/processor/redactionprocessor/internal/db"
+	"github.com/open-telemetry/opentelemetry-collector-contrib/processor/redactionprocessor/internal/url"
 )
 
 var _ encoding.TextUnmarshaler = (*HashFunction)(nil)
@@ -69,6 +70,9 @@ type Config struct {
 	// information, while it is valuable when integrating and testing a new
 	// configuration. Possible values are `debug`, `info`, and `silent`.
 	Summary string `mapstructure:"summary"`
+
+	// URLSanitization is a flag to sanitize URLs by removing UUIDs, timestamps, and other non-essential information
+	URLSanitization url.URLSanitizationConfig `mapstructure:"url_sanitizer"`
 }
 
 func (u HashFunction) String() string {

processor/redactionprocessor/go.mod

@@ -4,6 +4,7 @@ go 1.24.0
 
 require (
 	github.com/DataDog/datadog-agent/pkg/obfuscate v0.70.2
+	github.com/grafana/clusterurl v0.2.1
 	github.com/stretchr/testify v1.11.1
 	go.opentelemetry.io/collector/component v1.42.0
 	go.opentelemetry.io/collector/component/componenttest v0.136.0
@@ -38,6 +39,7 @@ require (
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/hashicorp/go-version v1.7.0 // indirect
+	github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/knadh/koanf/maps v0.1.2 // indirect
 	github.com/knadh/koanf/providers/confmap v1.0.0 // indirect

processor/redactionprocessor/go.sum

@@ -0,0 +1,10 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package url // import "github.com/open-telemetry/opentelemetry-collector-contrib/processor/redactionprocessor/internal/url"
+
+type URLSanitizationConfig struct {
+	Enabled bool `mapstructure:"enabled"`
+	// Attributes is the list of attributes that will be sanitized.
+	Attributes []string `mapstructure:"attributes"`
+}

processor/redactionprocessor/internal/url/config.go

@@ -0,0 +1,50 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package url // import "github.com/open-telemetry/opentelemetry-collector-contrib/processor/redactionprocessor/internal/url"
+
+import (
+	"fmt"
+
+	"github.com/grafana/clusterurl/pkg/clusterurl"
+)
+
+type URLSanitizer struct {
+	classifier *clusterurl.ClusterURLClassifier
+	attributes map[string]bool
+}
+
+func NewURLSanitizer(config URLSanitizationConfig) (*URLSanitizer, error) {
+	classifier, err := clusterurl.NewClusterURLClassifier(nil)
+	if err != nil {
+		return nil, fmt.Errorf("unable to create cluster URL classifier: %w", err)
+	}
+
+	attributes := make(map[string]bool)
+	for _, attribute := range config.Attributes {
+		attributes[attribute] = true
+	}
+
+	return &URLSanitizer{
+		classifier: classifier,
+		attributes: attributes,
+	}, nil
+}
+
+func (s *URLSanitizer) SanitizeAttributeURL(url, attributeKey string) string {
+	if url == "" {
+		return url
+	}
+
+	if _, ok := s.attributes[attributeKey]; ok {
+		return s.SanitizeURL(url)
+	}
+
+	return url
+}
+
+// SanitizeURL sanitizes the given URL by removing any gibberish words.
+// https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/blob/38ca7938595409b8ffe6b897c14a0e3280dd2941/pkg/components/transform/route/cluster.go#L48
+func (s *URLSanitizer) SanitizeURL(url string) string {
+	return s.classifier.ClusterURL(url)
+}

processor/redactionprocessor/internal/url/sanitizer.go

@@ -23,6 +23,7 @@ import (
 	"golang.org/x/crypto/sha3"
 
 	"github.com/open-telemetry/opentelemetry-collector-contrib/processor/redactionprocessor/internal/db"
+	"github.com/open-telemetry/opentelemetry-collector-contrib/processor/redactionprocessor/internal/url"
 )
 
 const attrValuesSeparator = ","
@@ -44,6 +45,8 @@ type redaction struct {
 	config *Config
 	// Logger
 	logger *zap.Logger
+	// URL sanitizer
+	urlSanitizer *url.URLSanitizer
 	// Database obfuscator
 	dbObfuscator *db.Obfuscator
 }
@@ -69,6 +72,13 @@ func newRedaction(ctx context.Context, config *Config, logger *zap.Logger) (*red
 		return nil, fmt.Errorf("failed to process allow list: %w", err)
 	}
 
+	var urlSanitizer *url.URLSanitizer
+	if config.URLSanitization.Enabled {
+		urlSanitizer, err = url.NewURLSanitizer(config.URLSanitization)
+		if err != nil {
+			return nil, fmt.Errorf("failed to create URL sanitizer: %w", err)
+		}
+	}
 	dbObfuscator := db.NewObfuscator(config.DBSanitizer)
 
 	return &redaction{
@@ -80,6 +90,7 @@ func newRedaction(ctx context.Context, config *Config, logger *zap.Logger) (*red
 		hashFunction:      config.HashFunction,
 		config:            config,
 		logger:            logger,
+		urlSanitizer:      urlSanitizer,
 		dbObfuscator:      dbObfuscator,
 	}, nil
 }
@@ -131,6 +142,10 @@ func (s *redaction) processResourceSpan(ctx context.Context, rs ptrace.ResourceS
 
 			// Attributes can also be part of span events
 			s.processSpanEvents(ctx, span.Events())
+
+			if s.shouldRedactSpanName(&span) {
+				span.SetName(s.urlSanitizer.SanitizeURL(span.Name()))
+			}
 		}
 	}
 }
@@ -407,6 +422,10 @@ func (s *redaction) processStringValueForAttribute(strVal, attributeKey string)
 		}
 	}
 
+	if s.urlSanitizer != nil {
+		strVal = s.urlSanitizer.SanitizeAttributeURL(strVal, attributeKey)
+	}
+
 	if s.dbObfuscator != nil {
 		obfuscatedQuery, err := s.dbObfuscator.ObfuscateAttribute(strVal, attributeKey)
 		if err != nil {
@@ -427,6 +446,10 @@ func (s *redaction) processStringValueForLogBody(strVal string) string {
 		}
 	}
 
+	if s.urlSanitizer != nil {
+		strVal = s.urlSanitizer.SanitizeURL(strVal)
+	}
+
 	if s.dbObfuscator != nil {
 		obfuscatedQuery, err := s.dbObfuscator.Obfuscate(strVal)
 		if err != nil {
@@ -474,6 +497,22 @@ func (s *redaction) shouldRedactKey(k string) bool {
 	return false
 }
 
+func (s *redaction) shouldRedactSpanName(span *ptrace.Span) bool {
+	if s.urlSanitizer == nil {
+		return false
+	}
+	spanKind := span.Kind()
+	if spanKind != ptrace.SpanKindClient && spanKind != ptrace.SpanKindServer {
+		return false
+	}
+
+	spanName := span.Name()
+	if !strings.Contains(spanName, "/") {
+		return false
+	}
+	return !s.shouldAllowValue(spanName)
+}
+
 const (
 	debug                      = "debug"
 	info                       = "info"